MozillaZine

Can I access an extension from with a web pages javascript?

Talk about add-ons and extension development.
sb@cyberscience.com
 
Posts: 3
Joined: November 25th, 2004, 9:37 am

Post Posted November 25th, 2004, 9:42 am

Sorry if this has been asked many times before, but I'm trying to write an extension which I'd like to be accessable from a normal web page's javascript.

However, I can't find any way of doing this.

If anyone knows of any way that I can make normal javascript code call into my extension in any shape or form, please please let me know.

(Just a pointer to examples of this already being done would be nice....)

Thanks in advance
Simon

red_avni
 
Posts: 21
Joined: August 12th, 2004, 7:17 am

Post Posted November 25th, 2004, 7:27 pm

A web site should never be able to access anything in the chrome (including extensions) for security reasons, but realtime communication via the DOM is theorhetically doable. One way to do it that would be to have your extension "listen" for a particular DOM element and use it as "socket". It would be the same concept as the old iframe rpc stuff without the need for http requests.

Edit:
A couple threads below this one, another, probably better method is talked about using an event as the socket.
http://forums.mozillazine.org/viewtopic.php?t=166342

jensb

User avatar
 
Posts: 544
Joined: April 23rd, 2003, 12:42 pm
Location: Germany

Post Posted November 26th, 2004, 1:59 am

What exactly are you planning? Perhaps we can give you better advice if we know what you need this integration for...
Mouse Gestures - control your browser the elegant way
MessageFaces - embed pictures in mail header

sb@cyberscience.com
 
Posts: 3
Joined: November 25th, 2004, 9:37 am

Post Posted November 26th, 2004, 2:40 am

thanks for the replies so far, and as asked for here's a more complete description of what I want to do...

History: I have an ActiveX control which I use regularly in my web pages. It allows certain programs to be run on the client according to some basic security settings, some of which are stored in the registry and some are hard coded. This, together with some clever stuff in the web server, allows me to launch various client server programs without forcing the user to log in each time - merely once, into the web site.

I have had lots of requests to support Firefox, which I admit is my browser of choice - I only use IE to access my applications.

Now, writing an extension that provides the same functionality as the ActiveX control is trivial.

However most of my site uses javascript in the web pages to control the control.

What I'd like to do is use similar code to control an extension.

The typical code I use to control the ActiveX control looks like...

> var launcher_installed = checkLauncher( launcher );
>
> if ( launcher_installed == 2 )
> {
> launcher.resetSwitches();
>
> launcher.addSwitch( 'application', application );
> launcher.addSwitch( 'host', 'localhost:80' );
>
> launcher.go( launcher_software, '' );
> }


Once again, thanks in advance for any help you can give...

Simon

jensb

User avatar
 
Posts: 544
Joined: April 23rd, 2003, 12:42 pm
Location: Germany

Post Posted November 26th, 2004, 5:09 pm

An easy way to provide a one-way notification is using standard DOM calls for passing information via HTML element nodes and custom events. In your extension, write the following:
Code: Select all
function myListener(e) {
  alert("data:" + e.target.getAttribute("application") + "/" + e.target.getAttribute("host"));
}
document.addEventListener("MyExtensionEvent", myListener, false, true);

Update 2005-12-30: Firefox 1.0.5 added an optional fourth parameter indicating whether your chrome code wants to accept untrusted events (= synthesized by web content), see above. Details in Bug 289940. Thanks to asqueella for notifying me.

Then, in a web page, do the following:
Code: Select all
if ("createEvent" in document)
{
  var element = document.createElement("MyExtensionDataElement");
  element.setAttribute("application", "fubar");
  element.setAttribute("host", "localhost:80");
  document.documentElement.appendChild(element);
 
  var ev = document.createEvent("Events");
  ev.initEvent("MyExtensionEvent", true, false);
  element.dispatchEvent(ev);
}

This first creates an <MyExtensionDataElement> and inserts it into the web page's document tree, sets some attributes and then creates and dispatches a MyExtensionEvent (just like the "click" event you catch with "onclick" handlers). The event bubbles up from the web page and reaches the chrome (extension level), where your listener catches it, and reads some data from the DOM node where the event originated (the MyExtensionDataElement).

To "answer" to the web page, your extension could set an attribute (return code etc.) on the event target element.

Security Note 1: never, never invoke one of the web page's JavaScript functions from your extension - doing this would be a huge security leak, as the function would run with full privileges (just like the extension).

Security Note 2: If possible, have your extension ignore any events when the currently shown web page is not on your server...

Note 3: It might be a good idea to clean up the created element, or to create it once when the web page loads and then re-use it each time you send a "message" to the extension.

(If anyone feels like this approach should be on the knowledge base, feel free to adapt it and put it there.)
Last edited by jensb on December 29th, 2005, 4:15 pm, edited 1 time in total.
Mouse Gestures - control your browser the elegant way
MessageFaces - embed pictures in mail header

red_avni
 
Posts: 21
Joined: August 12th, 2004, 7:17 am

Post Posted November 27th, 2004, 3:46 pm

Nothing to add. I just had to say...that was an excellent post jensb.

sb@cyberscience.com
 
Posts: 3
Joined: November 25th, 2004, 9:37 am

Post Posted December 1st, 2004, 6:15 am

Just to say thanks very much for the reply and the example code. It will definitely make my life much easier...

Simon

asqueella
 
Posts: 4013
Joined: November 16th, 2003, 3:05 am
Location: Russia, Moscow

Post Posted January 12th, 2007, 3:24 pm

Security Note 1: never, never invoke one of the web page's JavaScript functions from your extension - doing this would be a huge security leak, as the function would run with full privileges (just like the extension).


Well, not with full privileges, but it's still not recommended and xpcnativewrappers don't let you do that in the more recent versions of Fx.

ericjung
 
Posts: 846
Joined: August 4th, 2003, 9:32 am

Post Posted May 18th, 2007, 5:12 pm

This topic has been documented here on developer.mozilla.com (MDC).

ashishnm
 
Posts: 2
Joined: July 6th, 2007, 12:21 pm

Post Posted July 6th, 2007, 12:28 pm

Using DOM events and an HTML element only allows you to pass static data across from the extension to the web page. However, what do you do if you want to pass a JS object across to the web page? You can create your own XPCOM object in the extension but, to access it from the web page you would still need UniversalXPCOM access. Not sure how you can get that privilge for your application only?

Old Michael Buckley
 
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post Posted July 6th, 2007, 5:37 pm

Well you would put the js object as an object on the element ashishnm

aElement.object = javaScriptObject;
New [url=http://forums.mozillazine.org/profile.php?mode=viewprofile&u=299802:3o1quhg8]Michael Buckley[/url:3o1quhg8] account as old one was lost.

ashishnm
 
Posts: 2
Joined: July 6th, 2007, 12:21 pm

Post Posted July 6th, 2007, 6:09 pm

Michael Buckley wrote:Well you would put the js object as an object on the element ashishnm

aElement.object = javaScriptObject;
I believe that doesn't work. If it did it would be a security risk, as you would be able to pass any object created in the extension which has full security privileges to a web page script (i.e. an untrusted source).

Old Michael Buckley
 
Posts: 0
Joined: December 31st, 1969, 5:00 pm

Post Posted July 6th, 2007, 6:12 pm

I think it would work for most objects though, but I think if it reverenced an XPCOM it would then not work.
New [url=http://forums.mozillazine.org/profile.php?mode=viewprofile&u=299802:3o1quhg8]Michael Buckley[/url:3o1quhg8] account as old one was lost.

csenthilkumar87
 
Posts: 7
Joined: February 5th, 2009, 9:27 pm

Post Posted February 5th, 2009, 10:54 pm

many thanks to jensb for the post.. it was really helpful!! :):)

sepiriz
 
Posts: 1
Joined: December 18th, 2009, 9:38 am

Post Posted December 18th, 2009, 9:50 am

I followed the guide based on this thread https://developer.mozilla.org/en/Code_s ... eged_pages
I works fine.

Now I am trying to follow the recommandation of second security note.
But testing event.target.ownerDocument.location won't work in my case.

I would like to encrypt the attribute content before communicating it to my extension, and then decrypt it in the extension.

Can someone help me on encryption/decrytion using XPCOM or javascript...?

Return to Extension Development


Who is online

Users browsing this forum: No registered users and 1 guest